OSSI has been working with the OpenSSL team (Dr. Steve Henson) to support OCSP stapling (RFC 3546, section 3.6 "Certificate Status Request") for the Mozilla foundation. To date OCSP stapling has been implemented in the OpenSSL dev branch and will appear in the upcoming 0.9.8g release.
We're now looking at OCSP support for mod_ssl, with the goal of producing a working patch, and will be floating some queries as we go. We would like to see this patch, or some comparable implementation, incorporated into mod_ssl. Steve is confident he can put together something that works, but there are several design choices to be made on the way that we would like input on. For instance: - A tie-in to mod_proxy is intriguing but perhaps too ambitious at present. How desirable would that be? - What about integrating the OCSP stapling with the somewhat complementary Marc Stern OCSP patch? There will be some overlap with OCSP responder query code. If anyone has insights to offer or would like to collaborate please sing out. There should be a patch in about a week for bug tracker comments. Thanks, -Steve M. -- Steve Marquess Open Source Software institute [EMAIL PROTECTED]
